Foothold

Interacting with the web application provided by the Docker VM, we notice it is running a WordPress instance:

Figure 13.4: WordPress application served by the VM

The next step in our attack is to run the wpscan tool to look for any low-hanging fruit and gather as much information about the instance as possible.

Note

The wpscan tool is available on Kali and almost any other penetration-testing-focused distribution. The latest version can be pulled from https://github.com/wpscanteam/wpscan.

We can start our attack by issuing a wpscan command in the attack machine terminal. By default, passive detection will be enabled to look for ...
